Support HTTPOnly cookie for HttpResponse.set_cookie
|Reported by:||hvendelbo||Owned by:||nobody|
|Cc:||Triage Stage:||Design decision needed|
|Has patch:||no||Needs documentation:||no|
|Needs tests:||no||Patch needs improvement:||no|
Most browsers have some support for HTTPOnly cookies. It provides some protection against XSS attacks.
I've added another optional parameter to the set_cookie method. I also figured that it should be possible to make the sessionid use the flag.
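As an added illustration (not the reporter's patch and not Django code), the sketch below shows what such an optional flag changes in the emitted `Set-Cookie` header, plus a check that flags a session cookie sent without it. The names `build_set_cookie` and `cookies_missing_httponly` and the sample values are hypothetical; only Python's standard `http.cookies` module is used.

```python
from http.cookies import SimpleCookie


def build_set_cookie(name, value, path="/", secure=False, httponly=False):
    """Return a Set-Cookie header value (hypothetical helper, not Django's API).

    `httponly` mirrors the optional parameter proposed in the ticket: when set,
    the header carries the HttpOnly attribute, which tells the browser not to
    expose the cookie to scripts (e.g. via document.cookie).
    """
    cookie = SimpleCookie()
    cookie[name] = value
    cookie[name]["path"] = path
    if secure:
        cookie[name]["secure"] = True
    if httponly:
        cookie[name]["httponly"] = True
    return cookie[name].OutputString()


def cookies_missing_httponly(set_cookie_headers, sensitive_names=("sessionid",)):
    """Return names of sensitive cookies whose Set-Cookie header lacks HttpOnly."""
    missing = []
    for header in set_cookie_headers:
        name_value, _, attrs = header.partition(";")
        name = name_value.split("=", 1)[0].strip()
        # Attribute names are case-insensitive; flags such as HttpOnly have no value.
        flags = {a.strip().split("=", 1)[0].lower()
                 for a in attrs.split(";") if a.strip()}
        if name in sensitive_names and "httponly" not in flags:
            missing.append(name)
    return missing


if __name__ == "__main__":
    # Constructed sample values, for demonstration only.
    unprotected = build_set_cookie("sessionid", "abc123")
    protected = build_set_cookie("sessionid", "abc123", httponly=True)
    print(unprotected)
    print(protected)
    print(cookies_missing_httponly([unprotected]))  # session cookie is flagged
    print(cookies_missing_httponly([protected]))    # nothing flagged
```
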
Change History (4)
comment:1 Changed 5 years ago by mattmcc
- Has patch unset
- milestone 1.1 deleted
- Needs documentation unset
- Needs tests unset
- Patch needs improvement unset
- Triage Stage changed from Unreviewed to Design decision needed